This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/QMpSmpuNNhf0X5Htr-mz7erHxzE.roa
File:                     QMpSmpuNNhf0X5Htr-mz7erHxzE.roa (raw, json)
Hash identifier:          ZdO3iSs0JQenmFSRYzIzsBCrJLkMy2r6Va9S820yVO4=
Subject key identifier:   40:CA:52:9A:9B:8D:36:17:F4:5F:91:ED:AF:E9:B3:ED:EA:C7:C7:31
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       019B791086A968C1B127A2C6B08AC6506DA6
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/QMpSmpuNNhf0X5Htr-mz7erHxzE.roa
Signing time:             Thu 01 Jan 2026 10:18:04 +0000
ROA not before:           Thu 01 Jan 2026 10:18:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49592
IP address blocks:        2a12:bec0:340::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:86:a9:68:c1:b1:27:a2:c6:b0:8a:c6:50:6d:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 10:18:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=40ca529a9b8d3617f45f91edafe9b3edeac7c731
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:0e:81:bd:e0:bf:e6:bd:53:d4:50:fe:8a:ab:
                    68:8b:70:46:21:5a:62:00:27:f6:c4:ba:6a:18:a8:
                    e5:6d:8f:47:be:a9:b0:cb:98:a3:d0:24:81:e9:ba:
                    23:02:e4:8b:9c:1a:0f:0b:2f:c9:54:73:75:00:df:
                    bc:79:24:32:15:6e:f4:a2:66:f5:a5:39:ca:3f:18:
                    01:4e:ad:24:eb:22:2e:2b:33:b3:40:dc:27:37:6d:
                    13:59:b3:03:e2:e3:c6:10:b3:d4:8c:7f:a2:5f:a2:
                    12:2b:c6:21:ce:7b:b6:2f:72:5c:3e:10:12:9a:55:
                    39:b8:fc:21:ea:13:89:a9:bb:71:90:a0:8d:74:7c:
                    43:f4:97:f7:95:7a:44:b0:1b:c2:fc:a4:2e:11:97:
                    90:77:5c:bc:dc:8d:c1:0b:d7:3e:e3:94:dd:2a:ed:
                    64:d4:29:08:25:29:f0:35:47:a0:9e:f6:83:67:e6:
                    09:32:f2:65:d1:88:47:cd:58:98:b3:70:1b:ae:f1:
                    4c:20:28:c0:4a:43:82:06:4e:16:f2:8a:e5:f7:51:
                    90:6e:12:01:8b:d0:94:99:8a:74:6b:bb:91:c6:5f:
                    76:70:db:22:36:ca:f5:2c:4b:b4:e3:84:9a:86:fa:
                    f9:f7:f4:50:6d:8e:33:56:46:bb:9e:6a:c5:d0:62:
                    fb:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:CA:52:9A:9B:8D:36:17:F4:5F:91:ED:AF:E9:B3:ED:EA:C7:C7:31
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/QMpSmpuNNhf0X5Htr-mz7erHxzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:340::/44

    Signature Algorithm: sha256WithRSAEncryption
         0d:51:f2:80:c8:38:bc:0f:08:9e:c1:25:de:3d:d1:a1:9f:84:
         09:eb:c0:af:07:16:e1:65:05:08:d6:f8:b1:27:ce:b2:fa:ec:
         9a:42:57:7f:4f:c2:eb:c7:75:5a:b7:8d:c3:1c:62:7f:70:be:
         df:03:18:7f:e7:2a:ee:d6:d9:17:ba:fd:86:54:5e:12:09:10:
         d3:fe:42:51:a7:9b:21:5e:6c:ae:4f:b8:b5:1e:0c:5f:70:6c:
         39:2e:ee:0b:1a:06:0f:3b:b1:2e:ce:b4:97:43:da:51:20:04:
         8a:41:61:5d:bb:74:26:d0:a5:f0:7c:79:39:00:bb:6b:2a:5f:
         61:ce:c9:12:9a:c0:f6:7a:a6:39:d5:e5:cb:de:e6:8c:72:8d:
         63:bf:2a:a5:4f:4a:08:9e:29:38:65:fe:0b:16:d5:9b:55:a3:
         cd:00:84:9d:28:48:8d:38:d7:db:78:65:f6:c9:e6:34:d2:2a:
         d5:1a:0b:47:67:e0:92:e2:2d:2a:55:3c:d8:ee:27:2d:49:49:
         c5:6a:2a:1e:6e:21:dc:fe:73:f8:ea:c0:b1:5f:e9:7b:d6:52:
         e5:29:90:ec:ca:80:d3:34:e3:15:2c:4c:3d:2a:36:05:c3:52:
         27:2f:3e:23:bf:6b:5c:5e:53:70:dd:df:81:43:76:4b:ed:c1:
         ed:be:69:83
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt5EIapaMGxJ6LGsIrGUG2mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjYwMTAxMTAxODA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGNhNTI5YTliOGQzNjE3ZjQ1ZjkxZWRhZmU5YjNlZGVhYzdjNzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkg6BveC/5r1T1FD+iqtoi3BGIVpi
ACf2xLpqGKjlbY9Hvqmwy5ij0CSB6bojAuSLnBoPCy/JVHN1AN+8eSQyFW70omb1
pTnKPxgBTq0k6yIuKzOzQNwnN20TWbMD4uPGELPUjH+iX6ISK8Yhznu2L3JcPhAS
mlU5uPwh6hOJqbtxkKCNdHxD9Jf3lXpEsBvC/KQuEZeQd1y83I3BC9c+45TdKu1k
1CkIJSnwNUegnvaDZ+YJMvJl0YhHzViYs3AbrvFMICjASkOCBk4W8orl91GQbhIB
i9CUmYp0a7uRxl92cNsiNsr1LEu044Sahvr59/RQbY4zVka7nmrF0GL7rQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEDKUpqbjTYX9F+R7a/ps+3qx8cxMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvUU1wU21wdU5OaGYwWDVIdHItbXo3ZXJIeHpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wANA
MA0GCSqGSIb3DQEBCwUAA4IBAQANUfKAyDi8DwiewSXePdGhn4QJ68CvBxbhZQUI
1vixJ86y+uyaQld/T8Lrx3Vat43DHGJ/cL7fAxh/5yru1tkXuv2GVF4SCRDT/kJR
p5shXmyuT7i1HgxfcGw5Lu4LGgYPO7EuzrSXQ9pRIASKQWFdu3Qm0KXwfHk5ALtr
Kl9hzskSmsD2eqY51eXL3uaMco1jvyqlT0oInik4Zf4LFtWbVaPNAISdKEiNONfb
eGX2yeY00irVGgtHZ+CS4i0qVTzY7ictSUnFaioebiHc/nP46sCxX+l71lLlKZDs
yoDTNOMVLEw9KjYFw1InLz4jv2tcXlNw3d+BQ3ZL7cHtvmmD
-----END CERTIFICATE-----